mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-11 19:00:02 +01:00
Add code for activation wirh FEC device.
This commit is contained in:
Milan Broz
@@ -370,7 +370,7 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
|
|||||||
{
|
{
|
||||||
int max_size, r, num_options = 0;
|
int max_size, r, num_options = 0;
|
||||||
char *params = NULL, *hexroot = NULL, *hexsalt = NULL;
|
char *params = NULL, *hexroot = NULL, *hexsalt = NULL;
|
||||||
char features[256];
|
char features[256], fec_features[256];
|
||||||
|
|
||||||
if (!vp || !dmd)
|
if (!vp || !dmd)
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -387,6 +387,15 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
|
|||||||
if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
|
if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
|
||||||
num_options++;
|
num_options++;
|
||||||
|
|
||||||
|
if (dmd->u.verity.fec_device) {
|
||||||
|
num_options += 8;
|
||||||
|
snprintf(fec_features, sizeof(fec_features)-1,
|
||||||
|
" use_fec_from_device %s fec_start 0 fec_blocks %" PRIu64 " fec_roots %" PRIu32,
|
||||||
|
device_block_path(dmd->u.verity.fec_device),
|
||||||
|
vp->data_size + dmd->u.verity.hash_blocks, vp->fec_roots);
|
||||||
|
} else
|
||||||
|
*fec_features = '\0';
|
||||||
|
|
||||||
if (num_options)
|
if (num_options)
|
||||||
snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
|
snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
|
||||||
(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
|
(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
|
||||||
@@ -418,12 +427,12 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
|
|||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
r = snprintf(params, max_size,
|
r = snprintf(params, max_size,
|
||||||
"%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s %s",
|
"%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s%s%s",
|
||||||
vp->hash_type, device_block_path(dmd->data_device),
|
vp->hash_type, device_block_path(dmd->data_device),
|
||||||
device_block_path(dmd->u.verity.hash_device),
|
device_block_path(dmd->u.verity.hash_device),
|
||||||
vp->data_block_size, vp->hash_block_size,
|
vp->data_block_size, vp->hash_block_size,
|
||||||
vp->data_size, dmd->u.verity.hash_offset,
|
vp->data_size, dmd->u.verity.hash_offset,
|
||||||
vp->hash_name, hexroot, hexsalt, features);
|
vp->hash_name, hexroot, hexsalt, features, fec_features);
|
||||||
if (r < 0 || r >= max_size) {
|
if (r < 0 || r >= max_size) {
|
||||||
crypt_safe_free(params);
|
crypt_safe_free(params);
|
||||||
params = NULL;
|
params = NULL;
|
||||||
|
|||||||
20
lib/setup.c
20
lib/setup.c
@@ -72,6 +72,7 @@ struct crypt_device {
|
|||||||
char *root_hash;
|
char *root_hash;
|
||||||
unsigned int root_hash_size;
|
unsigned int root_hash_size;
|
||||||
char *uuid;
|
char *uuid;
|
||||||
|
struct device *fec_device;
|
||||||
} verity;
|
} verity;
|
||||||
struct { /* used in CRYPT_TCRYPT */
|
struct { /* used in CRYPT_TCRYPT */
|
||||||
struct crypt_params_tcrypt params;
|
struct crypt_params_tcrypt params;
|
||||||
@@ -618,6 +619,10 @@ static int _crypt_load_verity(struct crypt_device *cd, struct crypt_params_verit
|
|||||||
(r = crypt_set_data_device(cd, params->data_device)) < 0)
|
(r = crypt_set_data_device(cd, params->data_device)) < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
if (params && params->fec_device &&
|
||||||
|
(r = device_alloc(&cd->u.verity.fec_device, params->fec_device)) < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1039,6 +1044,10 @@ static int _crypt_format_verity(struct crypt_device *cd,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (params->fec_device &&
|
||||||
|
(r = device_alloc(&cd->u.verity.fec_device, params->fec_device)) < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
hash_size = crypt_hash_size(params->hash_name);
|
hash_size = crypt_hash_size(params->hash_name);
|
||||||
if (hash_size <= 0) {
|
if (hash_size <= 0) {
|
||||||
log_err(cd, _("Hash algorithm %s not supported.\n"),
|
log_err(cd, _("Hash algorithm %s not supported.\n"),
|
||||||
@@ -1078,6 +1087,8 @@ static int _crypt_format_verity(struct crypt_device *cd,
|
|||||||
if (params->flags & CRYPT_VERITY_CREATE_HASH) {
|
if (params->flags & CRYPT_VERITY_CREATE_HASH) {
|
||||||
r = VERITY_create(cd, &cd->u.verity.hdr,
|
r = VERITY_create(cd, &cd->u.verity.hdr,
|
||||||
cd->u.verity.root_hash, cd->u.verity.root_hash_size);
|
cd->u.verity.root_hash, cd->u.verity.root_hash_size);
|
||||||
|
if (!r && params->fec_device)
|
||||||
|
r = VERITY_FEC_create(cd, &cd->u.verity.hdr);
|
||||||
if (r)
|
if (r)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
@@ -1096,12 +1107,6 @@ static int _crypt_format_verity(struct crypt_device *cd,
|
|||||||
&cd->u.verity.hdr);
|
&cd->u.verity.hdr);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (params->fec_device) {
|
|
||||||
r = VERITY_FEC_create(cd, &cd->u.verity.hdr);
|
|
||||||
if (r)
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1379,6 +1384,7 @@ void crypt_free(struct crypt_device *cd)
|
|||||||
free(CONST_CAST(void*)cd->u.verity.hdr.salt);
|
free(CONST_CAST(void*)cd->u.verity.hdr.salt);
|
||||||
free(cd->u.verity.root_hash);
|
free(cd->u.verity.root_hash);
|
||||||
free(cd->u.verity.uuid);
|
free(cd->u.verity.uuid);
|
||||||
|
device_free(cd->u.verity.fec_device);
|
||||||
} else if (!cd->type) {
|
} else if (!cd->type) {
|
||||||
free(cd->u.none.active_name);
|
free(cd->u.none.active_name);
|
||||||
}
|
}
|
||||||
@@ -2026,7 +2032,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = VERITY_activate(cd, name, volume_key, volume_key_size,
|
r = VERITY_activate(cd, name, volume_key, volume_key_size, cd->u.verity.fec_device,
|
||||||
&cd->u.verity.hdr, flags|CRYPT_ACTIVATE_READONLY);
|
&cd->u.verity.hdr, flags|CRYPT_ACTIVATE_READONLY);
|
||||||
|
|
||||||
if (r == -EPERM) {
|
if (r == -EPERM) {
|
||||||
|
|||||||
@@ -76,11 +76,13 @@ struct crypt_dm_active_device {
|
|||||||
} crypt;
|
} crypt;
|
||||||
struct {
|
struct {
|
||||||
struct device *hash_device;
|
struct device *hash_device;
|
||||||
|
struct device *fec_device;
|
||||||
|
|
||||||
const char *root_hash;
|
const char *root_hash;
|
||||||
uint32_t root_hash_size;
|
uint32_t root_hash_size;
|
||||||
|
|
||||||
uint64_t hash_offset; /* hash offset in blocks (not header) */
|
uint64_t hash_offset; /* hash offset in blocks (not header) */
|
||||||
|
uint64_t hash_blocks; /* size of hash device (in hash blocks) */
|
||||||
struct crypt_params_verity *vp;
|
struct crypt_params_verity *vp;
|
||||||
} verity;
|
} verity;
|
||||||
} u;
|
} u;
|
||||||
|
|||||||
@@ -233,6 +233,7 @@ int VERITY_activate(struct crypt_device *cd,
|
|||||||
const char *name,
|
const char *name,
|
||||||
const char *root_hash,
|
const char *root_hash,
|
||||||
size_t root_hash_size,
|
size_t root_hash_size,
|
||||||
|
struct device *fec_device,
|
||||||
struct crypt_params_verity *verity_hdr,
|
struct crypt_params_verity *verity_hdr,
|
||||||
uint32_t activation_flags)
|
uint32_t activation_flags)
|
||||||
{
|
{
|
||||||
@@ -256,9 +257,11 @@ int VERITY_activate(struct crypt_device *cd,
|
|||||||
dmd.target = DM_VERITY;
|
dmd.target = DM_VERITY;
|
||||||
dmd.data_device = crypt_data_device(cd);
|
dmd.data_device = crypt_data_device(cd);
|
||||||
dmd.u.verity.hash_device = crypt_metadata_device(cd);
|
dmd.u.verity.hash_device = crypt_metadata_device(cd);
|
||||||
|
dmd.u.verity.fec_device = fec_device;
|
||||||
dmd.u.verity.root_hash = root_hash;
|
dmd.u.verity.root_hash = root_hash;
|
||||||
dmd.u.verity.root_hash_size = root_hash_size;
|
dmd.u.verity.root_hash_size = root_hash_size;
|
||||||
dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr),
|
dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr);
|
||||||
|
dmd.u.verity.hash_blocks = VERITY_hash_blocks(cd, verity_hdr);
|
||||||
dmd.flags = activation_flags;
|
dmd.flags = activation_flags;
|
||||||
dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512;
|
dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512;
|
||||||
dmd.uuid = crypt_get_uuid(cd);
|
dmd.uuid = crypt_get_uuid(cd);
|
||||||
@@ -274,6 +277,13 @@ int VERITY_activate(struct crypt_device *cd,
|
|||||||
if (r)
|
if (r)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
if (dmd.u.verity.fec_device) {
|
||||||
|
r = device_block_adjust(cd, dmd.u.verity.fec_device, DEV_OK,
|
||||||
|
0, NULL, NULL);
|
||||||
|
if (r)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0);
|
r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0);
|
||||||
if (r < 0 && !(dm_flags() & DM_VERITY_SUPPORTED)) {
|
if (r < 0 && !(dm_flags() & DM_VERITY_SUPPORTED)) {
|
||||||
log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
|
log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
|
||||||
|
|||||||
@@ -29,6 +29,7 @@
|
|||||||
|
|
||||||
struct crypt_device;
|
struct crypt_device;
|
||||||
struct crypt_params_verity;
|
struct crypt_params_verity;
|
||||||
|
struct device;
|
||||||
|
|
||||||
int VERITY_read_sb(struct crypt_device *cd,
|
int VERITY_read_sb(struct crypt_device *cd,
|
||||||
uint64_t sb_offset,
|
uint64_t sb_offset,
|
||||||
@@ -44,6 +45,7 @@ int VERITY_activate(struct crypt_device *cd,
|
|||||||
const char *name,
|
const char *name,
|
||||||
const char *root_hash,
|
const char *root_hash,
|
||||||
size_t root_hash_size,
|
size_t root_hash_size,
|
||||||
|
struct device *fec_device,
|
||||||
struct crypt_params_verity *verity_hdr,
|
struct crypt_params_verity *verity_hdr,
|
||||||
uint32_t activation_flags);
|
uint32_t activation_flags);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user